Kaspersky has identified more than 200 GitHub repositories hosting convincing-looking fake projects embedded with malicious software. This discovery points to a two-year campaign aimed at deceiving developers and internet users.
The repositories falsely claim to offer code for various applications, including Instagram aggregators, game cheats, and Telegram bots. In reality, they contain software designed to steal personal information, passwords, and even hijack cryptocurrency wallets.
Kaspersky has dubbed the campaign GitVenom, estimating that the perpetrators have already siphoned nearly $500,000 from victims. Some of these malicious repositories appear to have been taken down, but users are advised to remain vigilant.
To avoid falling victim to these threats, Kaspersky has provided a list of specific hashes and indicators to watch out for. This information can help users identify potentially infected projects before installation.
For more details, visit the original article here.